Google released emergency Chrome updates for two actively exploited zero-days — CVE-2026-3909 (Skia out-of-bounds write) and CVE-2026-3910 (V8 arbitrary code execution), both CVSS 8.8. The GlassWorm supply chain campaign escalated with 72+ malicious Open VSX extensions discovered targeting developers and AI coding assistants using transitive dependency poisoning. The medical technology wiper incident continues with no restoration timeline as the Intune weaponization is confirmed. And the Coruna iOS exploit kit has been traced to exploits originally developed by a defense contractor — closing the loop on the proliferation story from government-commissioned tools to mass criminal deployment.

Links & Resources

• https://thehackernews.com/2026/03/google-releases-emergency-chrome-update.html
• https://www.bleepingcomputer.com/news/security/google-releases-emergency-chrome-updates-for-two-zero-days/
• https://www.securityweek.com/iran-linked-hacker-attack-on-stryker-disrupted-manufacturing-and-shipping/
• https://www.scworld.com/news/no-restoration-timeline-for-medical-device-maker-stryker-after-cyberattack
• https://www.crowdstrike.com/en-us/blog/patch-tuesday-analysis-march-2026/
• https://www.securityweek.com/news/
• https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit
• https://iverify.io/blog/coruna-inside-the-nation-state-grade-ios-exploit-kit-we-ve-been-tracking